From c138612b608cf3a4c4fbeab24d3e2c83af2015be Mon Sep 17 00:00:00 2001
From: Sebastian Jitaru
Date: Tue, 26 Mar 2024 18:04:25 +0100
Subject: [PATCH] WebSecurityConfig changed so only admin can post to /shelters/**

---
 .../eps/softarch/demo/config/WebSecurityConfig.java | 6 ++++--
 .../softarch/demo/steps/CreateShelterStepDefs.java | 12 ++++++------
 src/test/resources/features/CreateShelter.feature | 12 ++++++------
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java b/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
index 083de609..775d4702 100644
--- a/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
+++ b/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
@@ -30,11 +30,13 @@ protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exce
 .requestMatchers(HttpMethod.GET, "/identity").authenticated()
 .requestMatchers(HttpMethod.POST, "/users").anonymous()
 .requestMatchers(HttpMethod.POST, "/users/*").denyAll()
- .requestMatchers(HttpMethod.POST, "/**/*").authenticated()
 .requestMatchers(HttpMethod.PUT, "/**/*").authenticated()
 .requestMatchers(HttpMethod.PATCH, "/**/*").authenticated()
 .requestMatchers(HttpMethod.DELETE, "/**/*").authenticated()
- .anyRequest().permitAll())
+ .requestMatchers("/shelters/**").hasAuthority("ROLE_ADMIN")
+ .requestMatchers(HttpMethod.POST, "/**/*").authenticated()
+
+ .anyRequest().permitAll())
 .csrf((csrf) -> csrf.disable())
 .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .cors((cors) -> cors.configurationSource(corsConfigurationSource()))
diff --git a/src/test/java/cat/udl/eps/softarch/demo/steps/CreateShelterStepDefs.java b/src/test/java/cat/udl/eps/softarch/demo/steps/CreateShelterStepDefs.java
index f9b3e4f3..d69e67a8 100644
--- a/src/test/java/cat/udl/eps/softarch/demo/steps/CreateShelterStepDefs.java
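Review bot: The new `.requestMatchers("/shelters/**").hasAuthority("ROLE_ADMIN")` has no HttpMethod, so it gates every verb on /shelters — GET included — not only POST as the commit title states, and any non-admin that lists or reads a shelter will now be refused. At the same time the rule is placed after the `/**/*` PUT, PATCH and DELETE matchers, which match first and only require `authenticated()`, so a volunteer or client can presumably still modify or delete a shelter; matchers are evaluated in order and the first match wins. Scope the rule to the verb, `.requestMatchers(HttpMethod.POST, "/shelters/**").hasAuthority("ROLE_ADMIN")`, and if updates and deletes are meant to be admin-only as well, add the equivalent PUT/PATCH/DELETE matchers above the generic `/**/*` lines. A short comment such as `// first match wins: keep path-specific rules above the /**/* catch-alls` would stop the next contributor from repeating the ordering mistake. The securityFilterChain method starts and ends outside the hunk.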
+++ b/src/test/java/cat/udl/eps/softarch/demo/steps/CreateShelterStepDefs.java
@@ -85,12 +85,12 @@ public void thereIsNoShelterRegisteredWithTheName(String name) {
 @Given("^There is a registered volunteer with name \"([^\"]*)\" and password \"([^\"]*)\" and email \"([^\"]*)\"$")
 public void thereIsARegisteredVolunteerWithNameAndPasswordAndEmail(String name, String password, String email) {
 if(!ShelterVolunteerRepository.existsById(name)) {
- ShelterVolunteer user = new ShelterVolunteer();
- user.setEmail(email);
- user.setId(name);
- user.setPassword(password);
- user.encodePassword();
- ShelterVolunteerRepository.save(user);
+ ShelterVolunteer volunteer = new ShelterVolunteer();
+ volunteer.setEmail(email);
+ volunteer.setId(name);
+ volunteer.setPassword(password);
+ volunteer.encodePassword();
+ ShelterVolunteerRepository.save(volunteer);
 }
 }
 }
diff --git a/src/test/resources/features/CreateShelter.feature b/src/test/resources/features/CreateShelter.feature
index 482130a9..a92be1f3 100644
--- a/src/test/resources/features/CreateShelter.feature
+++ b/src/test/resources/features/CreateShelter.feature
@@ -21,12 +21,12 @@ Feature: Create Shelter
 When I create a shelter with a name "name", email "shelter@sample.app" and phone "123123123" and location "location"
 Then The response code is 201
 
- #Scenario: Create shelter as Volunteer
- # Given I login as "volunteer" with password "password"
- # When I create a shelter with a name "name", email "shelter@sample.app" and phone "123123123" and location "location"
- # Then The response code is 401
- # And The error message is "Unauthorized"
- # And There is 0 Shelter created
+ Scenario: Create shelter as Volunteer
+ Given I login as "volunteer" with password "password"
+ When I create a shelter with a name "name", email "shelter@sample.app" and phone "123123123" and location "location"
+ Then The response code is 403
+ And The error message is "Forbidden"
+ And There is 0 Shelter created
 
 Scenario: Create shelter as Client
 Given I login as "client" with password "password"
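Review bot: The re-enabled scenario only pins the volunteer POST to 403; nothing in the feature asserts what a volunteer may still do with /shelters, and the matcher this patch adds in WebSecurityConfig.java is not method-scoped, so a volunteer reading or listing shelters would presumably be refused too. A companion scenario that logs in as "volunteer" and reads shelters with whatever read step the suite already defines, expecting 200, would pin the intended policy and catch the over-broad rule; a scenario where a volunteer tries to update or delete a shelter and expects 403 would likewise document whether that is meant to be admin-only. The 401 to 403 switch itself is right, since an authenticated principal lacking the authority gets Forbidden rather than Unauthorized.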